gell-web

model session activity for web based applications

Concepts

• authority
  • responsible for issuing user and browser sessions
  • NOTE: this concept is really a gell-session concept
• login session
• websocket session

Session Model

• as with all gell systems, interaction with web applications is modeled as a Session hierarchy

Hierarchy

• user
  • browser
    • login
    • websocket

Domain

• user
  • represents any person that interacts with a web application
  • can be "anonymous" or known to the application
  • often (but not required to be) tied to an identity
  • identity is not modeled by this package
• browser
  • maintains state for user and application over a period of time
  • persistence is typically cookie based
• login
  • represents authenticated interaction with a web application
  • allows for browser session to extend beyond period of time where user has "logged in"
• websocket
  • represents a websocket connection between browser and web application backend
  • NOTE: no Session implementation currently for a "secured" connection (after authorization)

Roadmap

• implement the "authorize" concept
  • this should be a more general approach to associating a user with a session
  • this might be a gell-session concept
  • should be an authorize event
    • or perhaps "authorizer" (future) instead of event
    • allow client to specify cardinality rules
• solidify role and persona concepts
  • this might be in gell-actor
• implement a generic "cardinality" concept
  • this might be a gell-session concept
  • prevents more than one session to exists at a time
  • provide strategies for preventing concurrent sessions
    • this was implemented with websockets
  • authority would enforce cardinality strategy